Can you computer be hacked within 8 seconds?

Thorpe

As soon as you connect to the internet (without no firewall or antivirus software) can you get hacked without even accessing the internet? I mean just dialing up so you have a connection? It is explained more in this movie from the BBC (skip to 12:35). I wouldn't of realised this a few years ago but now I always make sure my antivirus software and firewall are up to date. How do hackers know you have a connection to the internet?

segosa

As soon as you connect to the internet (without no firewall or antivirus software) can you get hacked without even accessing the internet? I mean just dialing up so you have a connection? It is explained more in this movie from the BBC (skip to 12:35). I wouldn't of realised this a few years ago but now I always make sure my antivirus software and firewall are up to date. How do hackers know you have a connection to the internet?

Computers that are infected with trojans automatically scan hundreds, thousands, maybe millions of IP addresses for computers that can be infected. If they can successfully infect that PC, it becomes yet ANOTHER computer scanning for more to infect.

Think of it like bacteria. One becomes two, two becomes four.. multiplies fast. Think about millions and millions of computers with home internet connections connected to the internet, with trojans on their PC automatically attempting to connect & exploit random IP addresses. You would just be so unlucky that the moment you connect one of those computers happened to scan the IP address you were given.

Thorpe

As soon as you connect to the internet (without no firewall or antivirus software) can you get hacked without even accessing the internet? I mean just dialing up so you have a connection? It is explained more in this movie from the BBC (skip to 12:35). I wouldn't of realised this a few years ago but now I always make sure my antivirus software and firewall are up to date. How do hackers know you have a connection to the internet?

Computers that are infected with trojans automatically scan hundreds, thousands, maybe millions of IP addresses for computers that can be infected. If they can successfully infect that PC, it becomes yet ANOTHER computer scanning for more to infect.

Think of it like bacteria. One becomes two, two becomes four.. multiplies fast. Think about millions and millions of computers with home internet connections connected to the internet, with trojans on their PC automatically attempting to connect & exploit random IP addresses. You would just be so unlucky that the moment you connect one of those computers happened to scan the IP address you were given.

As soon as you connect to the internet (without no firewall or antivirus software) can you get hacked without even accessing the internet? I mean just dialing up so you have a connection? It is explained more in this movie from the BBC (skip to 12:35). I wouldn't of realised this a few years ago but now I always make sure my antivirus software and firewall are up to date. How do hackers know you have a connection to the internet?

Computers that are infected with trojans automatically scan hundreds, thousands, maybe millions of IP addresses for computers that can be infected. If they can successfully infect that PC, it becomes yet ANOTHER computer scanning for more to infect.

Think of it like bacteria. One becomes two, two becomes four.. multiplies fast. Think about millions and millions of computers with home internet connections connected to the internet, with trojans on their PC automatically attempting to connect & exploit random IP addresses. You would just be so unlucky that the moment you connect one of those computers happened to scan the IP address you were given.

Having a firewall should block it though?

Depends. There was one that exploited lsass.exe, a system process (which listens on port 445) and many firewalls allow that to access the internet since it's not malicious.

If you have a router, you won't be affected by that though.

Just make sure Windows Updates have been done and you have a firewall or router.

EDIT: I've just watched the video, and as you can see it got hit by the Sasser worm which uses that vulnerability I described above.

Seriously, don't worry that much about it. Just NEVER connect to the internet without Windows up-to-date and some form of hardware firewall.. EVER.

EDIT2: Also, where did you get the video from? I don't have time to watch it on TV so maybe I'll download it each week (Click Online I'm referring to.)

segosa

I get Firewall Alerts even before I connect, whilst I'm dialing up....And if you get a Sasser worm, you need a updated version of your firewall...But my ZoneAlarm hasn't beeped in a while....

Unpatched XP + ZoneAlarm = Vulnerable to Sasser.

ZoneAlarm allows system processes to listen for connections. lsass.exe is a system process which listens on port 445. As it were, to exploit lsass.exe you'd connect to its port 445, send over the shellcode and force it to execute a shell command, or more shellcode. ZoneAlarm is no help against this, as it thinks/knows lsass.exe is trusted.

segosa

The only way it can be bypassed is if there is a security hole in the router. This is unlikely, but possible.

An automatically-spreading virus like the ones that get you in 8 seconds would very unlikely contain code to exploit routers as there are simply too many, and would not be a sufficient return in bots for the creators to bother with it.

However if someone was determined to gain access to your network and your router was exploitable it's possible they would, but really, no one who's able to do such a thing would WANT to gain access to your PC. Plus, even if they bypassed the router there'd be the XP firewall, and not to mention the fact that your PC (or another PC on the network) would have to be vulnerable in the first place!